what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 272 RSS Feed

Files from AutoSec Tools

Email addressjohn at autosectools.com
Websitewww.autosectools.com
First Active2010-04-27
Last Active2012-04-17
View User Profile
V-CMS PHP File Upload And Execute
Posted Apr 17, 2012
Authored by sinn3r, AutoSec Tools | Site metasploit.com

This Metasploit module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inline_image_upload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication, and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as one of those extension names, which may still be leveraged in an attack.

tags | exploit, web, php
advisories | CVE-2011-4828
SHA-256 | 5db10ec6f958334e9330d4c85475a69cd8b4c04de7b7b2ad6e87bd5f504d7f81
PHP Vulnerability Hunter 1.2.0.2
Posted Jan 10, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Fix made in relation to the error reporting.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | 3c0e45c995b45ccd06e3e1921ce42b2dc006e7c50ef41f09e35465397971feca
PHP Vulnerability Hunter 1.2.0.1
Posted Jan 9, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added tooltips to GUI, input map report, automatic error reporting, port setting, static analysis phase, and a ton more. Minor CLI tweaks. Code annotation improvements and updated help menu shortcut.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | 9518133a3f1021b40158214497372d472d196b47de6a8109d45d82f46f801c50
PHP Vulnerability Hunter 1.1.4.6
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory.
tags | tool, arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13f
V-CMS 1.0 Cross Site Scripting
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, xss
SHA-256 | c6bd8d414c203e4d7061c79f3542c1b5b217553d5e43319d293458513d863d05
V-CMS 1.0 SQL Injection
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
SHA-256 | df2dee289d5c87f204cf0fee719b33c99baed4a25e2a6f9f88c897389068853f
V-CMS 1.0 Shell Upload
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

An arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php
SHA-256 | 9b9778fc86835a6bdf9f0531d06a9035e7c2a698cfe50ecd0e20362d22be8cd2
Herberlin Bremsserver 3.0 Directory Traversal
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.

tags | exploit, web, root
SHA-256 | 950c47363f210cdb881bcfb068ccaf7f685f850f0d610b4a2d6acc3361bd64ca
Process Hollowing
Posted Sep 27, 2011
Authored by AutoSec Tools | Site autosectools.com

Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.

tags | paper
SHA-256 | 7f7a85ecfeef6b9feb94c08d5e3cb1f087e2f5240b64d76d49bde14d9a26bc7b
FuzzTalk Fuzzing Framework 1.0.0.0
Posted Sep 6, 2011
Authored by AutoSec Tools | Site autosectools.com

FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.

tags | web, protocol, fuzzer
SHA-256 | 6d7aeec133b9386bd209b8716b27fc1d4d48ef3178ef969a9eb75f2172ef6eed
Anti-Debugging With Exceptions
Posted Aug 30, 2011
Authored by AutoSec Tools | Site autosectools.com

Whitepaper call Anti-Debugging with Exceptions. Several techniques for detecting exception swallowing debuggers have been documented. The concept is simple: by design, debuggers handle certain kinds of exceptions. If such an exception is wrapped in a try block, the exception handle is only executed if a debugger is not attached. Hence it can be inferred that a debugger is attached whenever the exception block is not executed.

tags | paper
SHA-256 | 3dc0d938444d4ea8c28a360c244944d839f70154ae1c34e649472052b970a2ef
PHP Vulnerability Hunter 1.1.3.1
Posted Aug 16, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | add28806781ecf08f8b6dd125cf3fe1ef7b0857f91e72062ae1768273680e1fe
IAT Hooking Revisited
Posted Aug 2, 2011
Authored by AutoSec Tools | Site autosectools.com

Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions. However, most methods rely on suspicious API functions and leave several easy to identify artifacts. This paper explores different ways IAT hooking can be employed while circumventing common detection mechanisms.

tags | paper
SHA-256 | 7fc4f73e8ce5a00253ddb8deff3d09da7612ebbcf819c8a3ae17075fced2702e
All Windows Null-Free MessageBoxA Shellcode
Posted Jul 12, 2011
Authored by AutoSec Tools | Site autosectools.com

167 bytes small all Windows null-free MessageBoxA shellcode. Tested on 2000, XP, XP x64, Vista, 7, 8 M3 x64.

tags | shellcode
systems | windows
SHA-256 | 437fa45db69d2822c191ab5303e89feba74d2a148268c980c7da10a151e0f896
All Windows Null-Free CreateProcessA Calc Shellcode
Posted Jul 6, 2011
Authored by AutoSec Tools | Site autosectools.com

112 bytes small all Windows null-free CreateProcessA calc.exe shellcode.

tags | shellcode
systems | windows
SHA-256 | dfff5aba1ff807d6c0bb374cc445b05cbf2421d449374ee9d01434ca10a7a8e0
HTTP Bog 1.0.0.0
Posted Jun 18, 2011
Authored by AutoSec Tools | Site autosectools.com

HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.

tags | web, denial of service
SHA-256 | 21b49d0423d9dfda5e5ab125414ed0306b679f58a4bc84e2b5e2625ab7253788
Directory Traversal Scanner 1.0.1.0
Posted Jun 7, 2011
Authored by AutoSec Tools | Site autosectools.com

This is a directory traversal scanner written in C# that audits HTTP servers and web applications. Complete source included.

Changes: UI improvements. Fixed a timeout. Settings are now saved upon exit. Several fuzz string updates and more.
tags | tool, web, scanner
systems | unix
SHA-256 | c6e52c1e2da6ad919fd343f4344bc7ff0add71acb44fbfb524bfd4042c533bbc
Tele Data Contact Management Server Directory Traversal
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Tele Data Contact Management Server can be exploited to read files outside of the web root.

tags | exploit, web, root, file inclusion
SHA-256 | 1be46bf8d70514e8501795687aea6acf007a515827d9ff4a5421815fb6998163
Simple Web-Server 1.2 Directory Traversal
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Simple web-server version 1.2 can be exploited to read files outside of the web root.

tags | exploit, web, root
SHA-256 | 63fb45045d2f2f3690e8e0ba41a9d136bae12b88aa1997f3d7d4b5b700bc1571
Nakid CMS 1.0.2 Cross Site Scripting
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A reflected cross site scripting vulnerability in Nakid CMS version 1.0.2 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, xss
SHA-256 | 62cd6ea41bb8a4bce46b604ae2797ae53ab6bc8cec88a777b99a3892b007766b
Angora Guestbook 1.5 Local File Inclusion
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in Angora Guestbook version 1.5 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | c2b1b1a09c426d65d7e299068e5008f7176f6ac92fba87dddddbb0421a2c7f8c
HTTPConsole 1.0.0.0 For Windows
Posted May 31, 2011
Authored by AutoSec Tools | Site autosectools.com

This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.

tags | remote, web, javascript
systems | windows
SHA-256 | 7dec994beced4f331b24fde32be7a2e3088ff3ecf40ecae45cd2ec54a69a686b
Clipbucket 2.4 RC2 645 SQL Injection
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
SHA-256 | 6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538
eGroupware 1.8.001.20110421 Local File Inclusion
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 07ccc0d9a68de349319a1eceb37a6094b2810ad1e924bc4870669646a7b55753
eGroupware 1.8.001.20110421 Open Redirect
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.

tags | exploit, arbitrary
SHA-256 | b4a29e3964e1d7bd72995d10043cf6c74cf999a044fb3fe26884221a0473da93
Page 1 of 11
Back12345Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close